The Briefing on Cybersecurity

The latest news, trends and data from the cybersecurity industry

In Data:

Cybersecurity News in Numbers

1.35 terabits

The level of rogue traffic per second that hit leading developer platform GitHub during what is now considered the worst distributed denial of service (DDoS) attack in history. Notably, the attack, which hit on 28th February, did not use a botnet of malware-infected devices, instead taking what is known as a memcached approach.

98 million

The number of cyberattacks on UK local authorities between 2013 and 2017, according to a report by Big Brother Watch based on freedom of information requests. This is equivalent to 37 attacks per minute and, although many fail in their attempts, this raises concerns given the amounts of personal data of citizens local authorities hold.

52%

The percentage of people aged 18-25 in the UK using the same password for numerous online services, according to a UK government survey conducted as part of its Cyber Aware campaign. The survey also found that 79% of all respondents sent sensitive data such as bank details or copies of passports via online messaging systems.

$530m

The amount stolen from businesses and consumers by an extensive international cyber ring before it was taken down by the US Justice Department. The ring, known as the Infraud Organization and operated under the slogan “In Fraud We Trust”, was run through an online forum to trade stolen financial data, identities and credit card details.

********

11%

The percentage of businesses that have good enough cybersecurity strategy and responses to qualify as ‘experts’, according to cyber insurer Hiscox. The survey, which involved the input of more than 4,000 organisations, found that the majority of businesses do not have adequate expertise to protect against attacks and their resulting damage.

Take Action:

Threats You Need to Respond To Now

Take Care with Tax Forms

A threat flagged as a ‘critical alert’ by Barracuda Security Insight is scaring users into opening Word or Excel documents presented as tax forms that then steal passwords from management software. Avoid opening attachments in tax-related emails, particularly if presented as urgent and, if unsure, contact the relevant tax agency to check their authenticity.

Be Wary of Skype

A security flaw in Skype discovered by researcher Stefan Kanthak that allows attackers to gain system-level privileges has prompted the company to schedule a complete rebuild of the software. However, as this may take a while to be produced, avoid using Skype on computers containing highly sensitive data until an update is released.

Review Cybersecurity Policies

With GDPR rapidly approaching, now is the time for companies to review their cybersecurity policies and ensure they are well placed to not only comply with the legislation but effectively mitigate an attack. Despite contrary advice, many companies do not review policies after an attack, leaving them open to repeated incidents.

Breach Alert:

Key Corporate Incidents this Month

NIS America Hack Compromises Gaming Customer Data

The US arm of game developer Nippon Ichi Software has announced that it suffered a major data breach that saw intruders gain access to payment card details and address information of recent customers. In an email to affected customers, NIS America said that the breach occurred between 23rd January and 26th February this year.

US restaurant chain Applebees has confirmed that many of its locations suffered a breach of their point-of-sale (POS) systems. The breach likely exposed customer names and payment card details used in in-person transactions between 6th December 2017 and 2nd January 2018, at the majority of its locations across the US.

Equifax has announced that a further 2.4 million US citizens were affected by its now infamous data breach, bringing the total number to 147.9 million. However, while the majority of the original group saw their social security number exposed, this cohort only had their name and part of their driver’s license number exposed.

An unsecured server resulted in the personal data of thousands of FedEx customers being exposed, although there is nothing to suggest it was obtained by third parties. Over 100,000 scanned documents containing passports, drivers licenses and IDs were left on the server, in a breach identified by white hat group Kromtech.